How to mask a password in Java 5?

Question

I am trying to mask a password in Java. Sun java has suggested a way to mask a password as follows.

Masking a password

It uses a simple way to do that.

public void run () {
  stop = true;
  while (stop) {
     System.out.print("\010*");
 try {
    Thread.currentThread().sleep(1);
     } catch(InterruptedException ie) {
        ie.printStackTrace();
     }
  }
}

But this approach has several drawbacks.

1. If the user uses the arrow keys + delete keys the password gets revealed.

2. If the user accidentally press 2 keys at the same time (Extremely high typing speed) some characters does not get masked.

Do you guys think of any way that can get a 100% correct masking?

Answer 1

Use Console.readPassword().

Answer 2

You can now use System.console();

Console c = System.console();
if (c == null) {
    System.err.println("No console.");
    System.exit(1);
}


char [] password = c.readPassword("Enter your password: ");

Answer 3

Using certain syscalls (on windows and unix) you can disable echoing of characters to console. This is what System.console() does, but it works also in Java.

I'm using JNA to map certain syscall of unix and windows in a private branch of jline:

• on unix I'm using the termios structure and tcgetattr/tcsetattr
• on windows I'm using GetConsoleMode and SetConsoleMode.

If you need code example leave a comment.

Answer 4

With the JDK 6.0, you have the java sources of the classes, including Console : I just verified and this class has only Java 5.0 dependencies.

So, in your project, you can create a copy of this Console class, and then use the readPassword method. I did not try but it should work.